Date: Mon, 12 Jun 2000 12:10:11 +0200
From: Marc Silver
To: Alexandru Popa
Cc: freebsd-questions@freebsd.org
Subject: Re: Securing bootup procedure on a public physical access machine
Message-ID: <20000612121011.J81376@draenor.org>
In-Reply-To: <20000612130418.A18033@ldc.ro>
X-Operating-System: FreeBSD 4.0-STABLE

Take a look at /etc/ttys

# If console is marked "insecure", then init will ask for the root
# password when going to single-user mode.
console none                            unknown off secure

:)

Cheers,
Marc

On Mon, Jun 12, 2000 at 01:04:18PM +0300, Alexandru Popa wrote:
> Is it possible to "secure" the bootup procedure so that a computer that is
> located in a public place cannot be "rooted" by just specifying single-user
> mode bootup?
>
> I am using FreeBSD 4.0-RELEASE (I will update to -stable soon), on an
> entirely-FreeBSD disk (no fdisk type partitions, aka "dangerously
> dedicated").
>
> I know about the password mechanism in /boot/, but as I understand the
> three-phase bootup procedure, it is possible to convince first the MBR block
> to boot from a floppy, then the boot manager, or it is possible to fool the
> second-stage boot manager to load another third-stage boot manager.
>
> Please correct me if I am wrong, or give suggestions so I can trust that
> machine.
>
> Note that I am not subscribed to -questions, so please cc me on the answer.
>
> Thanks a lot,
> Alex.
>
> ------------+------------------------------------------
> Alex Popa,  |There never was a good war or a bad peace
> razor@ldc.ro|     -- B. Franklin
> ------------+------------------------------------------
> "It took the computing power of three C-64s to fly to the Moon.
> It takes a 486 to run Windows 95. Something is wrong here."

--
Lovers don't finally meet somewhere,
They're in each other all along...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
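
Added example (not part of the original thread, and not FreeBSD's own code): a small POSIX sh check that reports how the console entry in a ttys(5)-format file is flagged, so the setting Marc points at can be verified after editing. The function name console_status and the two sample files are assumptions constructed for illustration; on a real system pass /etc/ttys as the argument.

```shell
#!/bin/sh
# console_status FILE
# Prints how the first active "console" entry in a ttys(5)-style file is flagged:
#   insecure  - the entry carries the "insecure" flag
#   secure    - the entry carries the "secure" flag
#   unflagged - the entry has neither flag
#   missing   - no uncommented console entry exists
# Assumption: the getty/command field does not itself contain the bare
# words "secure" or "insecure".
console_status() {
    awk '
        /^[ \t]*#/ { next }                  # skip whole-line comments
        $1 == "console" {
            found = 1
            state = "unflagged"
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break         # stop at a trailing comment
                if ($i == "insecure") state = "insecure"
                else if ($i == "secure") state = "secure"
            }
            exit                             # only the first entry counts
        }
        END { print (found ? state : "missing") }
    ' "$1"
}

# Constructed sample input: the line quoted in the thread, and the same
# line with the flag changed to "insecure".
tmp=$(mktemp -d)
printf '%s\n' '# If console is marked "insecure", then init will ask for the root' \
              '# password when going to single-user mode.' \
              'console none                            unknown off secure' \
              > "$tmp/ttys.stock"
printf '%s\n' 'console none                            unknown off insecure' \
              > "$tmp/ttys.hardened"

for f in "$tmp"/ttys.*; do
    printf '%s: console is %s\n' "${f##*/}" "$(console_status "$f")"
done
rm -rf "$tmp"
```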